passt has no support for handling IPv4 fragmentation. This doesn't generally cause a problem, because our tap-side MTU is so large that fragmentation will almost never occur in practice. If for some reason (e.g. a misconfigured or malicious guest) we do receive IPv4 fragments from the guest, we will not give an error but misinterpret them: we'll treat each fragment as if it was an entire IP packet, which could have strange, hard-to-debug effects (bug 55 is a fairly tame example).

Handling IPv4 defragmentation is complicated, and probably not useful for real cases. However, we should at least print some sort of error so that it's obvious what's going on if we do hit one of these edge cases.
Patch sent.
Patch merged.
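
The check the report asks for, sketched as an added example (not passt's code and not the merged patch): classify a packet by the IPv4 flags/fragment-offset field and refuse to hand fragments to L4 parsing, with a rate-limited warning. The names `ipv4_frag_kind`, `drop_if_fragment` and `frags_seen` are hypothetical, and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IP4_MF      0x2000	/* "more fragments" flag */
#define IP4_OFFMASK 0x1fff	/* fragment offset, in 8-byte units */
enum frag_kind { FRAG_NONE, FRAG_FIRST, FRAG_LATER, FRAG_BAD_HDR };

/* Classify a buffer that starts at the IPv4 header by its fragment fields. */
static enum frag_kind ipv4_frag_kind(const uint8_t *p, size_t len)
{
	size_t hlen;
	uint16_t frag;
	if (len < 20 || (p[0] >> 4) != 4)
		return FRAG_BAD_HDR;
	hlen = (size_t)(p[0] & 0x0f) * 4;
	if (hlen < 20 || hlen > len)
		return FRAG_BAD_HDR;
	frag = (uint16_t)((p[6] << 8) | p[7]);	/* bytes 6-7, network order */
	if (frag & IP4_OFFMASK)
		return FRAG_LATER;	/* payload starts mid-datagram: no L4 header */
	if (frag & IP4_MF)
		return FRAG_FIRST;	/* L4 header present, payload incomplete */
	return FRAG_NONE;
}

static unsigned long frags_seen;	/* hypothetical drop counter */

/* Returns 1 if the packet must not reach L4 parsing. Warns only when the
 * counter hits a power of two, so a fragment flood cannot flood the log. */
static int drop_if_fragment(const uint8_t *p, size_t len)
{
	enum frag_kind k = ipv4_frag_kind(p, len);
	if (k == FRAG_NONE)
		return 0;
	if (k != FRAG_BAD_HDR) {
		frags_seen++;
		if ((frags_seen & (frags_seen - 1)) == 0)
			fprintf(stderr, "dropped IPv4 fragment (%lu so far)\n", frags_seen);
	}
	return 1;
}

int main(void)
{
	/* Constructed sample: 20-byte header, MF set, offset 185 (byte 1480). */
	uint8_t pkt[20] = { 0x45, 0, 0, 20, 0, 1, 0x20, 0xb9 };
	return drop_if_fragment(pkt, sizeof(pkt)) ? 0 : 1;
}
```

A packet with only the DF bit set (0x4000) is not a fragment and passes through; both masks above ignore that bit.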